ICD Brief 17.

07.11.2016. – 13.11.2016.

USA

“President-elect Donald Trump’s national security priorities are modernizing the aging U.S. nuclear arsenal and securing critical infrastructure from cyber attacks. According to Greatagain.gov, the presidential transition website opened Thursday, Trump also appears to have shifted rhetoric on terrorism. During the campaign, Trump loudly proclaimed radical Islam to be the key driver of terrorism. The transition website, however, refers only to “radical ideologies” as the inspiration behind the long-term threat of terrorism.”

“A Russian hacking group began attacking U.S.-based policy think tanks within hours of Donald Trump’s presidential election victory, according to cyber experts who suspect Moscow is seeking information on the incoming administration. Three cyber security firms told Reuters that they are tracking a spear-phishing campaign by a Russian-government linked group known as Cozy Bear, which is widely suspected of hacking the Democratic Party ahead of the election.”

“More than five million students and others interested in a cyber career have registered with the National Security Agency’s “Day of Cyber” website since its launch just over a year ago, the agency confirmed this week. Registered visitors to the site — which is aimed at aspiring cyber-professionals aged 13 and up — can “test-drive cyber careers and live a day in the life of six leading NSA cyber professionals,” the NSA said when it launched just over a year ago.”

“Donald Trump’s surprise election victory has alarmed technology companies and civil libertarians fearful that a self-described ‘law and order’ president will attempt to expand surveillance programs and rejoin a long-running battle over government access to encrypted information.”

“A small cybersecurity team located in the Capital Region spent the day on high alert, monitoring potential threats from hackers and cybercriminals, and working closely with the Department of Homeland Security. Steven Spano is CEO of the Center for Internet Security, located in Rensselaer County. He and his team worked throughout the day to make sure voting systems across the country were safe from being breached by foreign governments or other entities.”

“Hillary Clinton and Donald Trump have said nary a meaningful word on cybersecurity during the campaign. Both chose instead to talk about the military, national security, and terror prevention as if this were a decade ago. And for good reason: They wouldn’t have the faintest idea what to say.”

“Minnesota is adding tech jobs at the greatest rate of anywhere in the country,” declared Suzanne Spaulding, Under Secretary for the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security, a keynote speaker at Cyber Security Summit 2016 in Minneapolis. The flip side of that coin with regard to cyber security, she noted, is that “vibrancy makes us an attractive target.”

“Just this summer, the FBI said they had evidence of international hackers targeting voter registration systems in several states. It’s a breach that’s raised security questions ahead of Tuesday’s election. “The DHS and FBI have noticed some irregularities in various states’ voter registration databases and that’s completely different than the voting computers,” said Cris Thomas, a strategist with Tenable Network Security, a cyber security company in Columbia, Maryland.”

“To protect power grid integration from cyber threats in California, the California Public Utilities Commission has funded a cyber information sharing program, California Energy Systems for the 21st Century (CES-21). According to Jamie Van Randwyck, project lead for Lawrence Livermore National Laboratory, “The CES-21 program has been a highly productive and collaborative initiative thus far. The research and development being pursued in this program have the potential to change the way utilities protect their critical assets.”

China

“China adopted a controversial cybersecurity law on Monday that it said would tackle growing threats such as hacking and terrorism but has triggered concern from foreign business and rights groups. The legislation, passed by China’s largely rubber-stamp parliament and set to come into effect in June 2017, was an “objective need” of China as a major internet power, a parliamentary official said.”

“The chief of one of Asia’s most prominent financial trade bodies on Tuesday said new cyber security rules in China could make it harder for foreign companies operating in the country to manage risk as cyber threats become increasingly cross-border.”

“The Chinese government has approved a broad new cybersecurity law that it says will help it combat hacking and terrorism, but that has left foreign companies and human rights groups concerned. Set to come into effect in June 2017, the law includes requirements for “critical information infrastructure operators” to store personal information and important business data within China, provide “technical support” to security agencies, and go through national security reviews.”

“Cyber Monday is big, but businesses that want to participate in the largest shopping day of the year are quickly turning to China. 11.11 is Singles Day, when some $20 billion in goods is expected to be purchased on the Chinese e-commerce market. U.S. brands such as Victoria’s Secret, Crayola and Beats are taking aim at Singles Day — which is about five times bigger than Cyber Monday — by launching stores on e-tailing giant Alibaba.”

EU

“This summer, the EU adopted its new Directive on the Security of Network and Information Systems. According to European Commission vice president Andrus Ansip, the so-called NIS Directive “is the first comprehensive piece of EU legislation on cybersecurity”. As a result, companies providing “essential services” through network and information systems (e.g. in the energy, transport, finance, and health sectors) and digital service providers (online marketplaces, search engines, and cloud service providers) in the EU will face new cybersecurity obligations, and governments shall also introduce national cybersecurity strategies and policies.”

“Fifth annual joint workshop seeks to foster better co-operation between national cyber incident response teams and law enforcement agencies to establish a network to discuss topics of mutual interest. European law enforcement agencies and computer security incident response teams are meeting to find ways of improving the sharing of information on cyber crime.”

Germany

“The German cabinet on Wednesday adopted a new cyber security strategy to counter a rising number of threats targeting government institutions, critical infrastructure, businesses and citizens. The strategy calls for the creation of a mobile Quick Reaction Force housed within the Federal Office for Information Security (BSI), as well as similar teams within the federal police and domestic intelligence agency that are able to respond to cyber threats against government institutions and critical infrastructure.”

NATO

“When it comes to cyber — so far — there is no agreed-upon international law of war. “The international community is extraordinarily interested in this,” said Michael N. Schmitt, chairman of the US Naval War College’s international law department. “They’re struggling with questions like, when the Russians hack into the DNC database and then release it, is that a violation of international law? What doors does that open with respect to our responses?””

Russia

“Russia is continuing to increase its cyber-capabilities through the establishment of a cyber-army within the national Ministry of Defence structures, as well as developing local technical and defence enterprises, according to a recent report by analysts at Meduza, a Riga-based online newspaper. Meduza’s investigation reports how the implementation of these plans is carried out under the control of Russian special services and in particular the Federal Security Service (FSB) and the Russian Military Intelligence (GRU), which in recent years have become among the largest buyers of equipment and technologies, designed for conducting cyber-attacks.”

“Five Russian banks have been under intermittent cyber-attack for two days, said the country’s banking regulator. The state-owned Sberbank was one target of the prolonged attacks, it said. Hackers sought to overwhelm the websites of the banks by deluging them with data in what is known as a Distributed Denial of Service (DDoS) attack.”

“Is there a cyberwar brewing between the U.S. and Russia? It certainly looks like it — and, online or off, the main targets are likely to be civilian infrastructure. The Department of Homeland Security and the Office of the Director of National Intelligence formally accused the Russian government of cyberattacks against American political institutions and leaders last month. The announcement confirms what many cybersecurity experts had already concluded — that Russian state-affiliated actors are hacking and releasing information in an attempt to disrupt U.S. elections and discredit the U.S. political process.”

UK

“The texts began arriving on customers’ phones over the weekend: Tesco Bank had spotted unusual activity on a significant number of current accounts, and was getting in touch with customers to alert them. But that wasn’t enough to prevent £2.5m being siphoned out of about 9,000 accounts, and transferred to criminals whose identities and locations remain a mystery.”

“The new UK National Cyber Security Centre (NCSC) has promised to test and prove with government departments everything it recommends. “Our strategy is to use government as a guinea pig for all the measures we want to see done at national scale,” said Ian Levy, technical director of the NCSC.”

Insurance

“Mumbai: Following the data theft that impacted 32 lakh debit cards recently, insurers see a surge in demand for cyber insurance and have warned of a spike in cyber risk cover premiums. In the biggest-ever security breach in the domestic banking sector, over 32 lakh debit cards of various banks were ‘compromised’ after a cyber malware attack in the ATM systems of Yes Bank in May-June.”

“Cyberattacks against Target, Home Depot, Sony and several other large companies have galvanized what was a formerly niche cyber insurance market. As a result of those high-profile breaches, corporate demand for policies that hedge against hackers has soared. Seizing on this opportunity, Aon last month acquired Stroz Friedberg, adding incident response and other capabilities to its portfolio of cybersecurity assessment and risk transfer services. Aon further plans to round its portfolio with risk analytics, sentiment analysis, and vendor partnerships.”

“Make sure you’re covered for the gray areas—that’s the warning from insurance attorney Scott Godes, who talked to TechRepublic recently about the chasm between cyberpolicies and traditional crime coverage. Uninsured losses resulting from social engineering are an all-too-common plight of American businesses, said Godes, a partner in the Washington, D.C. office of Barnes & Thornburg, where he co-chairs the data security and privacy practice.”

Feature

“At least three consecutive waves of complex online attacks were directed at Domain Name System (DNS) servers operated by Dyn, a US internet infrastructure provider. The attack on October 21, 2016 consisted of a Distributed Denial of Service (DDoS) attack, and blocked access to thousands of websites, including Netflix, Amazon, Twitter, Airbnb, the New York Times, PayPal, and more. Immediately, suspicions centered on Russia and China as having both the motivation and the ability to plan and execute such an attack. Yet as of this writing, it is not at all clear if the attack was state-motivated. After the attack, it was reported that the Chinese and Russian hacker group known as New World Hackers assumed responsibility and claimed it was a sophisticated attack using botnets at higher-speed traffic than ever known before – 1.2 terabytes per second (Tbps).

The attack exploited vast numbers of connected devices (in an announcement to the media, Dyn stated that some 100,000 devices were involved). These devices, also known as the Internet of Things (IoT), include webcams, alarm systems, baby monitors, internet-based security cameras, DVRs, printers, and routers – all connected to the internet. The attackers managed to plant a software component in these devices that could receive commands from a control server so that the masses of devices all sought out the target in a synchronized manner and paralyzed the attacked servers’ ability to function by flooding it with traffic. The vast majority of these devices lack any kind of significant defenses; access to most of the systems is ensured through default usernames and passwords installed by the manufacturer. In fact, there is no current effective concept to respond to this type of threat.”

“The first 48 hours following a cyber attack are critical. Making the right calls will manage the threat and mitigate the risk to your business. You need a rapid response – but, what are the right calls? We set out the steps you should take.”